dradis-calculator_cvss 4.11.0 → 4.13.0

Files changed (49) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/README.md +2 -2
  4. data/app/assets/javascripts/dradis/plugins/calculators/cvss/cvss.js +32 -0
  5. data/app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/application.js +16 -5
  6. data/app/assets/javascripts/dradis/plugins/calculators/cvss/manifests/tylium.js +16 -5
  7. data/app/assets/javascripts/dradis/plugins/calculators/cvss/{calculator.js.coffee → v3/calculator.js.coffee} +10 -32
  8. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/calculator.js +168 -0
  9. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/app.js +435 -0
  10. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/cvss_config.js +858 -0
  11. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/cvss_details.js +18 -0
  12. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/cvss_lookup.js +275 -0
  13. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/max_composed.js +35 -0
  14. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/max_severity.js +30 -0
  15. data/app/assets/javascripts/dradis/plugins/calculators/cvss/v4/vendor/metrics.js +42 -0
  16. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss +2 -1
  17. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/tylium.scss +1 -2
  18. data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb +3 -1
  19. data/app/controllers/dradis/plugins/calculators/cvss/issues_controller.rb +35 -9
  20. data/app/models/dradis/plugins/calculators/cvss/v4.rb +89 -0
  21. data/app/views/dradis/plugins/calculators/cvss/_version_menu.html.erb +8 -0
  22. data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb +9 -70
  23. data/app/views/dradis/plugins/calculators/cvss/base/v3/_base.html.erb +123 -0
  24. data/app/views/dradis/plugins/calculators/cvss/base/v3/_environmental.html.erb +192 -0
  25. data/app/views/dradis/plugins/calculators/cvss/base/v3/_index.html.erb +69 -0
  26. data/app/views/dradis/plugins/calculators/cvss/base/v3/_temporal.html.erb +67 -0
  27. data/app/views/dradis/plugins/calculators/cvss/base/v4/_base.html.erb +143 -0
  28. data/app/views/dradis/plugins/calculators/cvss/base/v4/_environmental.html.erb +220 -0
  29. data/app/views/dradis/plugins/calculators/cvss/base/v4/_index.html.erb +82 -0
  30. data/app/views/dradis/plugins/calculators/cvss/base/v4/_supplemental.html.erb +85 -0
  31. data/app/views/dradis/plugins/calculators/cvss/base/v4/_threat.html.erb +19 -0
  32. data/app/views/dradis/plugins/calculators/cvss/issues/_show-content.html.erb +21 -9
  33. data/app/views/dradis/plugins/calculators/cvss/issues/_show-tabs.html.erb +3 -5
  34. data/app/views/dradis/plugins/calculators/cvss/issues/edit/_v3.html.erb +91 -0
  35. data/app/views/dradis/plugins/calculators/cvss/issues/edit/_v4.html.erb +103 -0
  36. data/app/views/dradis/plugins/calculators/cvss/issues/edit.html.erb +3 -93
  37. data/dradis-calculator_cvss.gemspec +1 -1
  38. data/lib/dradis/plugins/calculators/cvss/engine.rb +13 -7
  39. data/lib/dradis/plugins/calculators/cvss/gem_version.rb +1 -1
  40. metadata +32 -15
  41. data/app/assets/stylesheets/dradis/plugins/calculators/cvss/_version_switch.scss +0 -26
  42. data/app/views/dradis/plugins/calculators/cvss/_version_switch.html.erb +0 -10
  43. data/app/views/dradis/plugins/calculators/cvss/base/_base.html.erb +0 -123
  44. data/app/views/dradis/plugins/calculators/cvss/base/_environmental.html.erb +0 -192
  45. data/app/views/dradis/plugins/calculators/cvss/base/_temporal.html.erb +0 -67
  46. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc30.js +0 -0
  47. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc30_helptext.js +0 -0
  48. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc31.js +0 -0
  49. /data/app/assets/javascripts/dradis/plugins/calculators/cvss/{vendor → v3/vendor}/cvsscalc31_helptext.js +0 -0
@@ -0,0 +1,18 @@
1
+ // Copyright FIRST, Red Hat, and contributors
2
+ // SPDX-License-Identifier: BSD-2-Clause
3
+
4
+ cvssMacroVectorDetails = {
5
+ "Exploitability": 0,
6
+ "Complexity": 1,
7
+ "VulnerableSystem": 2,
8
+ "SubsequentSystem": 3,
9
+ "Exploitation": 4,
10
+ "SecurityRequirements": 5
11
+ }
12
+
13
+ cvssMacroVectorValues = {
14
+ "0": "High",
15
+ "1": "Medium",
16
+ "2": "Low",
17
+ "3": "None",
18
+ }
@@ -0,0 +1,275 @@
1
+ // Copyright FIRST, Red Hat, and contributors
2
+ // SPDX-License-Identifier: BSD-2-Clause
3
+
4
+ cvssLookup_global = {
5
+ "000000": 10,
6
+ "000001": 9.9,
7
+ "000010": 9.8,
8
+ "000011": 9.5,
9
+ "000020": 9.5,
10
+ "000021": 9.2,
11
+ "000100": 10,
12
+ "000101": 9.6,
13
+ "000110": 9.3,
14
+ "000111": 8.7,
15
+ "000120": 9.1,
16
+ "000121": 8.1,
17
+ "000200": 9.3,
18
+ "000201": 9,
19
+ "000210": 8.9,
20
+ "000211": 8,
21
+ "000220": 8.1,
22
+ "000221": 6.8,
23
+ "001000": 9.8,
24
+ "001001": 9.5,
25
+ "001010": 9.5,
26
+ "001011": 9.2,
27
+ "001020": 9,
28
+ "001021": 8.4,
29
+ "001100": 9.3,
30
+ "001101": 9.2,
31
+ "001110": 8.9,
32
+ "001111": 8.1,
33
+ "001120": 8.1,
34
+ "001121": 6.5,
35
+ "001200": 8.8,
36
+ "001201": 8,
37
+ "001210": 7.8,
38
+ "001211": 7,
39
+ "001220": 6.9,
40
+ "001221": 4.8,
41
+ "002001": 9.2,
42
+ "002011": 8.2,
43
+ "002021": 7.2,
44
+ "002101": 7.9,
45
+ "002111": 6.9,
46
+ "002121": 5,
47
+ "002201": 6.9,
48
+ "002211": 5.5,
49
+ "002221": 2.7,
50
+ "010000": 9.9,
51
+ "010001": 9.7,
52
+ "010010": 9.5,
53
+ "010011": 9.2,
54
+ "010020": 9.2,
55
+ "010021": 8.5,
56
+ "010100": 9.5,
57
+ "010101": 9.1,
58
+ "010110": 9,
59
+ "010111": 8.3,
60
+ "010120": 8.4,
61
+ "010121": 7.1,
62
+ "010200": 9.2,
63
+ "010201": 8.1,
64
+ "010210": 8.2,
65
+ "010211": 7.1,
66
+ "010220": 7.2,
67
+ "010221": 5.3,
68
+ "011000": 9.5,
69
+ "011001": 9.3,
70
+ "011010": 9.2,
71
+ "011011": 8.5,
72
+ "011020": 8.5,
73
+ "011021": 7.3,
74
+ "011100": 9.2,
75
+ "011101": 8.2,
76
+ "011110": 8,
77
+ "011111": 7.2,
78
+ "011120": 7,
79
+ "011121": 5.9,
80
+ "011200": 8.4,
81
+ "011201": 7,
82
+ "011210": 7.1,
83
+ "011211": 5.2,
84
+ "011220": 5,
85
+ "011221": 3,
86
+ "012001": 8.6,
87
+ "012011": 7.5,
88
+ "012021": 5.2,
89
+ "012101": 7.1,
90
+ "012111": 5.2,
91
+ "012121": 2.9,
92
+ "012201": 6.3,
93
+ "012211": 2.9,
94
+ "012221": 1.7,
95
+ "100000": 9.8,
96
+ "100001": 9.5,
97
+ "100010": 9.4,
98
+ "100011": 8.7,
99
+ "100020": 9.1,
100
+ "100021": 8.1,
101
+ "100100": 9.4,
102
+ "100101": 8.9,
103
+ "100110": 8.6,
104
+ "100111": 7.4,
105
+ "100120": 7.7,
106
+ "100121": 6.4,
107
+ "100200": 8.7,
108
+ "100201": 7.5,
109
+ "100210": 7.4,
110
+ "100211": 6.3,
111
+ "100220": 6.3,
112
+ "100221": 4.9,
113
+ "101000": 9.4,
114
+ "101001": 8.9,
115
+ "101010": 8.8,
116
+ "101011": 7.7,
117
+ "101020": 7.6,
118
+ "101021": 6.7,
119
+ "101100": 8.6,
120
+ "101101": 7.6,
121
+ "101110": 7.4,
122
+ "101111": 5.8,
123
+ "101120": 5.9,
124
+ "101121": 5,
125
+ "101200": 7.2,
126
+ "101201": 5.7,
127
+ "101210": 5.7,
128
+ "101211": 5.2,
129
+ "101220": 5.2,
130
+ "101221": 2.5,
131
+ "102001": 8.3,
132
+ "102011": 7,
133
+ "102021": 5.4,
134
+ "102101": 6.5,
135
+ "102111": 5.8,
136
+ "102121": 2.6,
137
+ "102201": 5.3,
138
+ "102211": 2.1,
139
+ "102221": 1.3,
140
+ "110000": 9.5,
141
+ "110001": 9,
142
+ "110010": 8.8,
143
+ "110011": 7.6,
144
+ "110020": 7.6,
145
+ "110021": 7,
146
+ "110100": 9,
147
+ "110101": 7.7,
148
+ "110110": 7.5,
149
+ "110111": 6.2,
150
+ "110120": 6.1,
151
+ "110121": 5.3,
152
+ "110200": 7.7,
153
+ "110201": 6.6,
154
+ "110210": 6.8,
155
+ "110211": 5.9,
156
+ "110220": 5.2,
157
+ "110221": 3,
158
+ "111000": 8.9,
159
+ "111001": 7.8,
160
+ "111010": 7.6,
161
+ "111011": 6.7,
162
+ "111020": 6.2,
163
+ "111021": 5.8,
164
+ "111100": 7.4,
165
+ "111101": 5.9,
166
+ "111110": 5.7,
167
+ "111111": 5.7,
168
+ "111120": 4.7,
169
+ "111121": 2.3,
170
+ "111200": 6.1,
171
+ "111201": 5.2,
172
+ "111210": 5.7,
173
+ "111211": 2.9,
174
+ "111220": 2.4,
175
+ "111221": 1.6,
176
+ "112001": 7.1,
177
+ "112011": 5.9,
178
+ "112021": 3,
179
+ "112101": 5.8,
180
+ "112111": 2.6,
181
+ "112121": 1.5,
182
+ "112201": 2.3,
183
+ "112211": 1.3,
184
+ "112221": 0.6,
185
+ "200000": 9.3,
186
+ "200001": 8.7,
187
+ "200010": 8.6,
188
+ "200011": 7.2,
189
+ "200020": 7.5,
190
+ "200021": 5.8,
191
+ "200100": 8.6,
192
+ "200101": 7.4,
193
+ "200110": 7.4,
194
+ "200111": 6.1,
195
+ "200120": 5.6,
196
+ "200121": 3.4,
197
+ "200200": 7,
198
+ "200201": 5.4,
199
+ "200210": 5.2,
200
+ "200211": 4,
201
+ "200220": 4,
202
+ "200221": 2.2,
203
+ "201000": 8.5,
204
+ "201001": 7.5,
205
+ "201010": 7.4,
206
+ "201011": 5.5,
207
+ "201020": 6.2,
208
+ "201021": 5.1,
209
+ "201100": 7.2,
210
+ "201101": 5.7,
211
+ "201110": 5.5,
212
+ "201111": 4.1,
213
+ "201120": 4.6,
214
+ "201121": 1.9,
215
+ "201200": 5.3,
216
+ "201201": 3.6,
217
+ "201210": 3.4,
218
+ "201211": 1.9,
219
+ "201220": 1.9,
220
+ "201221": 0.8,
221
+ "202001": 6.4,
222
+ "202011": 5.1,
223
+ "202021": 2,
224
+ "202101": 4.7,
225
+ "202111": 2.1,
226
+ "202121": 1.1,
227
+ "202201": 2.4,
228
+ "202211": 0.9,
229
+ "202221": 0.4,
230
+ "210000": 8.8,
231
+ "210001": 7.5,
232
+ "210010": 7.3,
233
+ "210011": 5.3,
234
+ "210020": 6,
235
+ "210021": 5,
236
+ "210100": 7.3,
237
+ "210101": 5.5,
238
+ "210110": 5.9,
239
+ "210111": 4,
240
+ "210120": 4.1,
241
+ "210121": 2,
242
+ "210200": 5.4,
243
+ "210201": 4.3,
244
+ "210210": 4.5,
245
+ "210211": 2.2,
246
+ "210220": 2,
247
+ "210221": 1.1,
248
+ "211000": 7.5,
249
+ "211001": 5.5,
250
+ "211010": 5.8,
251
+ "211011": 4.5,
252
+ "211020": 4,
253
+ "211021": 2.1,
254
+ "211100": 6.1,
255
+ "211101": 5.1,
256
+ "211110": 4.8,
257
+ "211111": 1.8,
258
+ "211120": 2,
259
+ "211121": 0.9,
260
+ "211200": 4.6,
261
+ "211201": 1.8,
262
+ "211210": 1.7,
263
+ "211211": 0.7,
264
+ "211220": 0.8,
265
+ "211221": 0.2,
266
+ "212001": 5.3,
267
+ "212011": 2.4,
268
+ "212021": 1.4,
269
+ "212101": 2.4,
270
+ "212111": 1.2,
271
+ "212121": 0.5,
272
+ "212201": 1,
273
+ "212211": 0.3,
274
+ "212221": 0.1,
275
+ }
@@ -0,0 +1,35 @@
1
+ // Copyright FIRST, Red Hat, and contributors
2
+ // SPDX-License-Identifier: BSD-2-Clause
3
+
4
+ maxComposed = {
5
+ // EQ1
6
+ "eq1": {
7
+ 0: ["AV:N/PR:N/UI:N/"],
8
+ 1: ["AV:A/PR:N/UI:N/", "AV:N/PR:L/UI:N/", "AV:N/PR:N/UI:P/"],
9
+ 2: ["AV:P/PR:N/UI:N/", "AV:A/PR:L/UI:P/"]
10
+ },
11
+ // EQ2
12
+ "eq2": {
13
+ 0: ["AC:L/AT:N/"],
14
+ 1: ["AC:H/AT:N/", "AC:L/AT:P/"]
15
+ },
16
+ // EQ3+EQ6
17
+ "eq3": {
18
+ 0: { "0": ["VC:H/VI:H/VA:H/CR:H/IR:H/AR:H/"], "1": ["VC:H/VI:H/VA:L/CR:M/IR:M/AR:H/", "VC:H/VI:H/VA:H/CR:M/IR:M/AR:M/"] },
19
+ 1: { "0": ["VC:L/VI:H/VA:H/CR:H/IR:H/AR:H/", "VC:H/VI:L/VA:H/CR:H/IR:H/AR:H/"], "1": ["VC:L/VI:H/VA:L/CR:H/IR:M/AR:H/", "VC:L/VI:H/VA:H/CR:H/IR:M/AR:M/", "VC:H/VI:L/VA:H/CR:M/IR:H/AR:M/", "VC:H/VI:L/VA:L/CR:M/IR:H/AR:H/", "VC:L/VI:L/VA:H/CR:H/IR:H/AR:M/"] },
20
+ 2: { "1": ["VC:L/VI:L/VA:L/CR:H/IR:H/AR:H/"] },
21
+ },
22
+ // EQ4
23
+ "eq4": {
24
+ 0: ["SC:H/SI:S/SA:S/"],
25
+ 1: ["SC:H/SI:H/SA:H/"],
26
+ 2: ["SC:L/SI:L/SA:L/"]
27
+
28
+ },
29
+ // EQ5
30
+ "eq5": {
31
+ 0: ["E:A/"],
32
+ 1: ["E:P/"],
33
+ 2: ["E:U/"],
34
+ },
35
+ }
@@ -0,0 +1,30 @@
1
+ // Copyright FIRST, Red Hat, and contributors
2
+ // SPDX-License-Identifier: BSD-2-Clause
3
+
4
+ // max severity distances in EQs MacroVectors (+1)
5
+ maxSeverity = {
6
+ "eq1": {
7
+ 0: 1,
8
+ 1: 4,
9
+ 2: 5
10
+ },
11
+ "eq2": {
12
+ 0: 1,
13
+ 1: 2
14
+ },
15
+ "eq3eq6": {
16
+ 0: { 0: 7, 1: 6 },
17
+ 1: { 0: 8, 1: 8 },
18
+ 2: { 1: 10 }
19
+ },
20
+ "eq4": {
21
+ 0: 6,
22
+ 1: 5,
23
+ 2: 4
24
+ },
25
+ "eq5": {
26
+ 0: 1,
27
+ 1: 1,
28
+ 2: 1
29
+ },
30
+ }
@@ -0,0 +1,42 @@
1
+ // Copyright FIRST, Red Hat, and contributors
2
+ // SPDX-License-Identifier: BSD-2-Clause
3
+
4
+ // CVSS v4.0 metrics ordering and valid values
5
+ expectedMetricOrder = {
6
+ // Base (11 metrics)
7
+ "AV": ["N", "A", "L", "P"],
8
+ "AC": ["L", "H"],
9
+ "AT": ["N", "P"],
10
+ "PR": ["N", "L", "H"],
11
+ "UI": ["N", "P", "A"],
12
+ "VC": ["H", "L", "N"],
13
+ "VI": ["H", "L", "N"],
14
+ "VA": ["H", "L", "N"],
15
+ "SC": ["H", "L", "N"],
16
+ "SI": ["H", "L", "N"],
17
+ "SA": ["H", "L", "N"],
18
+ // Threat (1 metric)
19
+ "E": ["X", "A", "P", "U"],
20
+ // Environmental (14 metrics)
21
+ "CR": ["X", "H", "M", "L"],
22
+ "IR": ["X", "H", "M", "L"],
23
+ "AR": ["X", "H", "M", "L"],
24
+ "MAV": ["X", "N", "A", "L", "P"],
25
+ "MAC": ["X", "L", "H"],
26
+ "MAT": ["X", "N", "P"],
27
+ "MPR": ["X", "N", "L", "H"],
28
+ "MUI": ["X", "N", "P", "A"],
29
+ "MVC": ["X", "H", "L", "N"],
30
+ "MVI": ["X", "H", "L", "N"],
31
+ "MVA": ["X", "H", "L", "N"],
32
+ "MSC": ["X", "H", "L", "N"],
33
+ "MSI": ["X", "S", "H", "L", "N"],
34
+ "MSA": ["X", "S", "H", "L", "N"],
35
+ // Supplemental (6 metrics)
36
+ "S": ["X", "N", "P"],
37
+ "AU": ["X", "N", "Y"],
38
+ "R": ["X", "A", "U", "I"],
39
+ "V": ["X", "D", "C"],
40
+ "RE": ["X", "L", "M", "H"],
41
+ "U": ["X", "Clear", "Green", "Amber", "Red"],
42
+ }
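--- a/data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss
+++ b/data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/application.css.scss
@@ -2,4 +2,5 @@
 @import 'font-awesome';
 
 @import 'tylium/variables';
-@import 'dradis/plugins/calculators/cvss/version_switch';
+@import 'shared/mixins';
+@import 'tylium/modules/buttons';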
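--- a/data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/tylium.scss
+++ b/data/app/assets/stylesheets/dradis/plugins/calculators/cvss/manifests/tylium.scss
@@ -1,2 +1 @@
-@import "tylium/variables";
-@import "dradis/plugins/calculators/cvss/version_switch"
+@import 'tylium/variables';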
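--- a/data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb
+++ b/data/app/controllers/dradis/plugins/calculators/cvss/base_controller.rb
@@ -2,7 +2,9 @@ module Dradis::Plugins::Calculators::CVSS
 # Does it matter that we're inheriting from the no-frills controller?
 class BaseController < ActionController::Base
 def index
-@cvss_vector = Hash.new { |h, k| h[k] = 'X' }
+@cvss3_vector = Hash.new { |h, k| h[k] = 'X' }
+@cvss4_vector = Dradis::Plugins::Calculators::CVSS::V4::DEFAULT_CVSS_V4.clone
+@cvss_version = '4.0'
 end
 end
 end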
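Review bot: `DEFAULT_CVSS_V4` is copied here with `.clone`, but in v4.rb the hash literal closes with a bare `}` while `FIELD_NAMES` and `FIELDS` end in `.freeze`, so the constant itself stays mutable and any call site that forgets to copy it would write into process-wide state shared by every request. Freeze it in v4.rb (`}.freeze`) and, because `Hash#clone` preserves the frozen flag and this copy is later written to with `store`, take the copy with `.dup` instead: `@cvss4_vector = V4::DEFAULT_CVSS_V4.dup`. The same `.clone` appears in issues_controller.rb inside `set_cvss_vector` and should change with it. The short `V4::` form resolves because the file opens `module Dradis::Plugins::Calculators::CVSS`, which is how issues_controller.rb already writes `V3::VECTOR_REGEXP`.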
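--- a/data/app/controllers/dradis/plugins/calculators/cvss/issues_controller.rb
+++ b/data/app/controllers/dradis/plugins/calculators/cvss/issues_controller.rb
@@ -1,10 +1,10 @@
 module Dradis::Plugins::Calculators::CVSS
 # Does it matter that we're inheriting from the no-frills controller?
 class IssuesController < ::IssuesController
+before_action :set_cvss_version, only: :edit
 before_action :set_cvss_vector, only: :edit
 
-def edit
-end
+def edit; end
 
 def update
 cvss_fields = Hash[ *params[:cvss_fields].scan(FieldParser::FIELDS_REGEX).flatten.map(&:strip) ]
@@ -19,19 +19,45 @@ module Dradis::Plugins::Calculators::CVSS
 end
 end
 
+private
+
 def set_cvss_vector
 # Undefined Temporal and Environmental default to X
-@cvss_vector = Hash.new { |h, k| h[k] = 'X' }
-field_value = @issue.fields['CVSSv3.Vector'] || @issue.fields['CVSSv3Vector']
+@cvss3_vector = Hash.new { |h, k| h[k] = 'X' }
+@cvss4_vector = Dradis::Plugins::Calculators::CVSS::V4::DEFAULT_CVSS_V4.clone
+field_value_v3 = @issue.fields['CVSSv3.Vector'] || @issue.fields['CVSSv3Vector']
+field_value_v4 = @issue.fields['CVSSv4.BaseVector']
 
 # If no vector is set yet, that's OK
-return if field_value.blank?
+return if field_value_v3.blank? && field_value_v4.blank?
 
-if field_value =~ V3::VECTOR_REGEXP
-field_value.split('/').each { |pair| @cvss_vector.store *pair.split(':') }
-else
-redirect_to main_app.project_issue_path(current_project, @issue), alert: 'The format of the CVSSv3 Vector field is invalid.'
+if field_value_v3
+if field_value_v3 =~ V3::VECTOR_REGEXP
+field_value_v3.split('/').each { |pair| @cvss3_vector.store *pair.split(':') }
+else
+redirect_to main_app.project_issue_path(current_project, @issue), alert: 'The format of the CVSSv3 Vector field is invalid.'
+end
 end
+
+if field_value_v4
+if field_value_v4.starts_with?('CVSS:4.0')
+field_value_v4.split('/').each { |pair| @cvss4_vector.store *pair.split(':') }
+else
+redirect_to main_app.project_issue_path(current_project, @issue), alert: 'The format of the CVSSv4 Vector field is invalid.'
+end
+end
+end
+
+def set_cvss_version
+@cvss_version =
+case
+when @issue.fields['CVSSv3.Vector']&.include?('CVSS:3.1')
+'3.1'
+when @issue.fields['CVSSv3.Vector']&.include?('CVSS:3.0')
+'3.0'
+else
+'4.0'
+end
 end
 end
 end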
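Review bot: In `set_cvss_vector` neither `redirect_to` is followed by a `return`, so an issue whose v3 and v4 vector fields are both present and both malformed redirects twice and raises `AbstractController::DoubleRenderError`, and even with only the v3 field malformed the method goes on to parse the v4 field after it has already redirected. The v4 check `starts_with?('CVSS:4.0')` is also far weaker than the v3 `V3::VECTOR_REGEXP` match: a segment without a `:` (or with two) reaches `@cvss4_vector.store *pair.split(':')` with the wrong arity and raises `ArgumentError` from stored issue text, and segments with unknown metric names are stored into the hash the edit view renders. The rewrite below returns from each redirect and only stores pairs whose key is `CVSS` or a metric present in `V4::DEFAULT_CVSS_V4`, rejecting the rest with the existing alert. Separately, `set_cvss_version` reads only `@issue.fields['CVSSv3.Vector']`, while `set_cvss_vector` also falls back to `'CVSSv3Vector'`, so an issue carrying only the legacy field would be parsed as v3 yet presented with the v4.0 option selected; the same `||` fallback belongs in the `case`.
```ruby
# … unchanged: @cvss3_vector/@cvss4_vector setup and the blank-vector early return …
if field_value_v3
  if field_value_v3 =~ V3::VECTOR_REGEXP
    field_value_v3.split('/').each { |pair| @cvss3_vector.store *pair.split(':') }
  else
    return redirect_to(main_app.project_issue_path(current_project, @issue), alert: 'The format of the CVSSv3 Vector field is invalid.')
  end
end

if field_value_v4
  pairs = field_value_v4.split('/').map { |pair| pair.split(':') }
  # Every segment must be exactly KEY:VALUE and KEY must be the version prefix or a known v4 metric.
  well_formed = field_value_v4.starts_with?('CVSS:4.0') &&
    pairs.all? { |pair| pair.size == 2 && (pair[0] == 'CVSS' || V4::DEFAULT_CVSS_V4.key?(pair[0])) }

  if well_formed
    pairs.each { |key, value| @cvss4_vector.store(key, value) }
  else
    return redirect_to(main_app.project_issue_path(current_project, @issue), alert: 'The format of the CVSSv4 Vector field is invalid.')
  end
end
```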
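--- a/data/app/models/dradis/plugins/calculators/cvss/v4.rb
+++ b/data/app/models/dradis/plugins/calculators/cvss/v4.rb
@@ -0,0 +1,89 @@
+module Dradis::Plugins::Calculators::CVSS
+class V4
+DEFAULT_CVSS_V4 = {
+'AV' => 'N',
+'AC' => 'L',
+'AT' => 'N',
+'PR' => 'N',
+'UI' => 'N',
+'VC' => 'N',
+'VI' => 'N',
+'VA' => 'N',
+'SC' => 'N',
+'SI' => 'N',
+'SA' => 'N',
+'E' => 'X',
+'CR' => 'X',
+'IR' => 'X',
+'AR' => 'X',
+'MAV' => 'X',
+'MAC' => 'X',
+'MAT' => 'X',
+'MPR' => 'X',
+'MUI' => 'X',
+'MVC' => 'X',
+'MVI' => 'X',
+'MVA' => 'X',
+'MSC' => 'X',
+'MSI' => 'X',
+'MSA' => 'X',
+'S' => 'X',
+'AU' => 'X',
+'R' => 'X',
+'V' => 'X',
+'RE' => 'X',
+'U' => 'X'
+}
+
+FIELD_NAMES = %i{
+BaseScore
+BaseSeverity
+
+MacroVector
+Exploitability
+Complexity
+VulnerableSystem
+SubsequentSystem
+Exploitation
+SecurityRequirements
+
+BaseExploitableAttackVector
+BaseExploitableAttackComplexity
+BaseExploitableAttackRequirements
+BaseExploitablePrivilegesRequired
+BaseExploitableUserInteraction
+BaseVulnerableConfidentiality
+BaseVulnerableIntegrity
+BaseVulnerableAvailability
+BaseSubsequentConfidentiality
+BaseSubsequentIntegrity
+BaseSubsequentAvailability
+
+SupplementalSafety
+SupplementalAutomatable
+SupplementalRecovery
+SupplementalValueDensity
+SupplementalVulnerabilityResponseEffort
+SupplementalProviderUrgency
+
+EnvironmentalExploitabilityAttackVector
+EnvironmentalExploitabilityAttackComplexity
+EnvironmentalExploitabilityAttackRequirements
+EnvironmentalExploitabilityPrivilegesRequired
+EnvironmentalExploitabilityUserInteraction
+EnvironmentalVulnerableConfidentiality
+EnvironmentalVulnerableIntegrity
+EnvironmentalVulnerableAvailability
+EnvironmentalSubsequentConfidentiality
+EnvironmentalSubsequentIntegrity
+EnvironmentalSubsequentAvailability
+EnvironmentalConfidentialityRequirements
+EnvironmentalIntegrityRequirements
+EnvironmentalAvailabilityRequirements
+
+ThreatExploitMaturity
+}.freeze
+
+FIELDS = (['CVSSv4.BaseVector'.freeze] + FIELD_NAMES.map { |name| "CVSSv4.#{name}".freeze }).freeze
+end
+end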
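Review bot: The new `V4` class documents none of its three constants, and the split in `DEFAULT_CVSS_V4` between the concrete `'N'`/`'L'` values and the run of `'X'` values is not self-explanatory to a reader who has not seen the vendored metrics.js. Above `DEFAULT_CVSS_V4` add `# Starting value for every metric a CVSS:4.0 vector can carry: the eleven Base metrics (AV..SA) get a concrete value; each Threat (E), Environmental (CR..MSA) and Supplemental (S..U) metric is 'X', i.e. not defined.` and above `FIELD_NAMES` add `# Issue field name suffixes; FIELDS prefixes each with "CVSSv4." and adds "CVSSv4.BaseVector" in front.` The class is the whole file, so both comments sit inside the hunk.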
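--- a/data/app/views/dradis/plugins/calculators/cvss/_version_menu.html.erb
+++ b/data/app/views/dradis/plugins/calculators/cvss/_version_menu.html.erb
@@ -0,0 +1,8 @@
+<div class="d-flex align-items-center justify-content-end gap-2 small">
+<label class="form-label m-0" for="cvss-version">Version:</label>
+<select id="cvss-version" class="form-select" aria-label="cvss version select" data-behavior="cvss-version">
+<option value="40" <%= 'selected' if @cvss_version == '4.0' %>>v4.0</option>
+<option value="31" <%= 'selected' if @cvss_version == '3.1' %>>v3.1</option>
+<option value="30" <%= 'selected' if @cvss_version == '3.0' %>>v3.0</option>
+</select>
+</div>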
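--- a/data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb
+++ b/data/app/views/dradis/plugins/calculators/cvss/base/index.html.erb
@@ -1,78 +1,17 @@
 <%= content_tag :div, class: 'page-header' do %>
-<h1>CVSS score calculator</h1>
-<%= render 'dradis/plugins/calculators/cvss/version_switch' %>
+<h1 class="d-flex align-items-center justify-content-between">
+CVSS score calculator
+<div class="fs-3"><%= render 'dradis/plugins/calculators/cvss/version_menu' %></div>
+</h1>
 <% end %>
 
 <p class="lead">Use this page to calculate the <abbr title="Common Vulnerability Scoring System">CVSS</abbr> score of a given finding.</p>
 
 <p class="alert alert-danger d-none" data-behavior="cvss-error"></p>
 
-<div class="row">
-<div class="col-lg-8">
-
-<h2 data-cvss="baseMetricGroup_Legend">
-Base: <span id="base-score">0</span>
-</h2>
-<%= render 'dradis/plugins/calculators/cvss/base/base' %>
-
-<h2 data-cvss="temporalMetricGroup_Legend" class="mt-5">
-Temporal: <span id="temporal-score">0</span>
-</h2>
-<%= render 'dradis/plugins/calculators/cvss/base/temporal' %>
-
-<h2 data-cvss="environmentalMetricGroup_Legend" class="mt-5">
-Environmental: <span id="environmental-score">0</span>
-</h2>
-<%= render 'dradis/plugins/calculators/cvss/base/environmental' %>
-</div>
-
-<div class="col-lg-4">
-<textarea name="cvss_fields" rows="52" class="form-control mb-4">#[CVSSv3.Vector]#
-N/A
-
-#[CVSSv3.BaseScore]#
-N/A
-
-#[CVSSv3.BaseSeverity]#
-N/A
-
-#[CVSSv3.TemporalScore]#
-N/A
-
-#[CVSSv3.TemporalSeverity]#
-N/A
-
-#[CVSSv3.EnvironmentalScore]#
-N/A
-
-#[CVSSv3.EnvironmentalSeverity]#
-N/A
-
-#[CVSSv3.BaseAttackVector]#
-#[CVSSv3.BaseAttackComplexity]#
-#[CVSSv3.BasePrivilegesRequired]#
-#[CVSSv3.BaseUserInteraction]#
-#[CVSSv3.BaseScope]#
-#[CVSSv3.BaseConfidentiality]#
-#[CVSSv3.BaseIntegrity]#
-#[CVSSv3.BaseAvailability]#
-
-#[CVSSv3.TemporalExploitCodeMaturity]#
-#[CVSSv3.TemporalRemediationLevel]#
-#[CVSSv3.TemporalReportConfidence]#
-
-#[CVSSv3.EnvironmentalConfidentialityRequirement]#
-#[CVSSv3.EnvironmentalIntegrityRequirement]#
-#[CVSSv3.EnvironmentalAvailabilityRequirement]#
-
-#[CVSSv3.ModifiedAttackVector]#
-#[CVSSv3.ModifiedAttackComplexity]#
-#[CVSSv3.ModifiedPrivilegesRequired]#
-#[CVSSv3.ModifiedUserInteraction]#
-#[CVSSv3.ModifiedScope]#
-#[CVSSv3.ModifiedConfidentiality]#
-#[CVSSv3.ModifiedIntegrity]#
-#[CVSSv3.ModifiedAvailability]#
-</textarea>
-</div>
+<div id="v3-index d-none" data-cvss-version="3">
+<%= render 'dradis/plugins/calculators/cvss/base/v3/index' %>
+</div>
+<div id="v4-index d-none" data-cvss-version="4">
+<%= render 'dradis/plugins/calculators/cvss/base/v4/index' %>
 </div>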
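Review bot: The two new wrappers are written as `id="v3-index d-none"` and `id="v4-index d-none"`; an `id` value cannot contain whitespace, so each element ends up with an invalid id and `d-none` is never applied as a class, meaning the markup hides neither section on load. Write them as `<div id="v3-index" class="d-none" data-cvss-version="3">` and `<div id="v4-index" class="d-none" data-cvss-version="4">`. The script that switches between them by `data-cvss-version` is outside this hunk, so I cannot tell from here whether it reveals the selected version by toggling `d-none` or by some other class; confirm its selector agrees with the corrected markup.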